lua-5.4.4-3.el9

エラータID: AXSA:2023-5344:03

Release date: 
Monday, May 15, 2023 - 09:29
Subject: 
lua-5.4.4-3.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Low
Description: 

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language.

Security Fix(es):

* lua: heap buffer overread (CVE-2022-28805)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.2 Release Notes linked from the References section.

CVE-2022-28805
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

Solution: 

Update packages.

CVEs: 
CVE-2022-28805
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Additional Info: 

N/A

Download: 

SRPMS
  1. lua-5.4.4-3.el9.src.rpm
    MD5: e358fe629a69b08eb3a33a8c3fe59dc2
    SHA-256: 7c57bdeede265fc2dbc025fc07244b1c4f6f0cae89d3f814a93ca35e94a875d5
    Size: 805.29 kB

Asianux Server 9 for x86_64
  1. lua-5.4.4-3.el9.i686.rpm
    MD5: 20389025b8670a6d70e6f66c66b5ec06
    SHA-256: 0bf0c07a1cb4475ef0239e5427754cf1edac78089e2358a3d747f3b45dd337e4
    Size: 193.47 kB
  2. lua-5.4.4-3.el9.x86_64.rpm
    MD5: c226ebdd71ea5a0c20f87751f1b049d0
    SHA-256: 8046eb92c66d8e08e29e7f06ea81537c13177851192911631d2964b31fb1ab5b
    Size: 186.73 kB
  3. lua-devel-5.4.4-3.el9.i686.rpm
    MD5: f3586e9548132a725023c77537218986
    SHA-256: 5ac64705e2df4372aaa515a4c861c6c9be79e474271b46c46d95c3d1c2fe9144
    Size: 21.26 kB
  4. lua-devel-5.4.4-3.el9.x86_64.rpm
    MD5: 4bc2b1a7a6193cf0914ae9e69a1d06a3
    SHA-256: fb354be2b77839c591cf40560ead60c5437028a86b3294b23ab75a4c04556757
    Size: 21.25 kB
  5. lua-libs-5.4.4-3.el9.i686.rpm
    MD5: ee464f75f0ae0c99e341c16ae569cce1
    SHA-256: b1331e2032c4366d722572b46e76a0b66b181c1968ddd44604d91d20e0ffa869
    Size: 238.13 kB
  6. lua-libs-5.4.4-3.el9.x86_64.rpm
    MD5: ba997286f946836bd812d1d4dcf714ac
    SHA-256: 44e7b59cc1c8af82b4d77aaeee7675725b35da9d695f5ffbecfcd267302bbca7
    Size: 213.80 kB